378 matches found
The vulnerability of the implementation of the Factory Interface Network Service (FINS) protocol in the microcomputer-based software for programmable logic controllers SYSMAC allows an intruder to gain unauthorized access to protected information and execute arbitrary commands.
The vulnerability of the Factory Interface Network Service FINS protocol implemented in SYSMAC programmable logic controllers is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to sensitive informati...
Microsoft Bing Access Control Error Vulnerability
Microsoft Bing is a web search engine from Microsoft Corporation USA. Microsoft Bing suffers from an Access Control Error vulnerability that stems from a lack of authentication for critical functions, allowing an unauthorized attacker to execute code over the network...
Q-Free MAXTIME Suite Access Control Error Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/accounts/routes.lua. An...
PT-2025-7148 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier. Description: The issue is related to a missing authentication for a critical function in the maxprofile/accounts/routes.lua file. This allows an unauthenticated remote attacker to reset user PINs via...
CVE-2022-41648
The HEIDENHAIN Controller TNC 640 NC software Version 340590 07 SP5 is vulnerable to improper authentication in its DNC communication for CNC machines. Authentication is not enabled by default for DNC communication. This vulnerability may allow an attacker to deny service on the production line,...
Pioneer DMH-WT7600NEX Security Vulnerability
The Pioneer DMH-WT7600NEX is a multimedia digital media receiver from Pioneer. A security vulnerability exists in the Pioneer DMH-WT7600NEX that stems from a lack of proper authentication before using a user-supplied path in a file operation. An attacker can exploit the vulnerability to execute...
WordPress plugin Ashe Extra Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Data Tables Generator by Supsystic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity, related to the lack of authentication, allows attackers to compromise the integrity of protected information.
The vulnerability of the CI/CD application integration and delivery system of JetBrains TeamCity is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to potentially compromise the integrity of the protected information...
Altair Resource Management Error Vulnerability
Altair is a beautiful and feature-rich GraphQL client IDE from the Altair GraphQL open source. A resource management error vulnerability exists in versions prior to Altair v12.24Q3.2, which stems from a lack of request validation and a lack of authentication in the image proxy, and the...
WordPress LifterLMS <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin LifterLMS versions <= 7.8.5...
The vulnerability of the software for managing human capital resources in SAP Human Capital Management (HCM) lies in the absence of authentication procedures that would allow unauthorized users to increase their privileges.
The vulnerability of software for managing human capital in the SAP Human Capital Management HCM system is related to the absence of authentication procedures. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...
The vulnerability of the JetBrains YouTrack project management and task management software, related to the absence of an authentication process that prevents unauthorized access to protected information.
The vulnerability of the JetBrains YouTrack project and task management software lies in the absence of an authentication process when processing query parameters. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 lies in the absence of authentication for a critical function. This allows attackers to circumvent security restrictions, gain unauthorized access to protected information, or cause service failures.
The vulnerability of the microprogrammed software in industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent...
The vulnerability of the SAP NetWeaver AS Java software integration platform lies in the absence of authentication procedures, which allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of SAP NetWeaver AS Java software-based integration platforms is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely compromise the confidentiality and integrity of the protected information...
CVE-2024-11481
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...
The vulnerability of hybrid cloud solutions for managing thin clients in the Dell Wyse Management Suite lies in the absence of authentication procedures. This allows attackers to trigger service interruptions and delete arbitrary files.
The vulnerability of the hybrid cloud solution for managing thin clients in the Dell Wyse Management Suite is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor to cause service interruptions and delete arbitrary files...
Advantech EKI-6333AC-2G and Advantech EKI-6333AC-2GD Security Vulnerability
The Advantech EKI-6333AC-2G and Advantech EKI-6333AC-2GD are both industrial-grade wireless access points (APs) from Advantech, China. A security vulnerability exists in Advantech EKI-6333AC-2G version 1.6.3 and earlier, EKI-6333AC-2GD version v1.6.3 and earlier, and EKI-6333AC-1GPO version v1.2.1...
CVE-2024-5721
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific...
CVE-2024-38643
A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...